Patent · US Active

Isolating data within a computer system using private shadow mappings

US9274974B1 · kind B1 · utility

Cited by: 42
References: 8
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 20, 2006
Grant date: Mar 1, 2016
Priority date
Expiry date: Jul 27, 2030

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2212/657
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Virtualization software establishes multiple execution environments within a virtual machine, wherein software modules executing in one environment cannot access private memory of another environment. A separate set of shadow memory address mappings is maintained for each execution environment. For example, a separate shadow page table may be maintained for each execution environment. The virtualization software ensures that the shadow address mappings for one execution environment do not map to the physical memory pages that contain the private code or data of another execution environment. When execution switches from one execution environment to another, the virtualization software activates the shadow address mappings for the new execution environment. A similar approach, using separate mappings, may also be used to prevent software modules in one execution environment from accessing the private disk space or other secondary storage of another execution environment.
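The following is an added illustration, not code from the patent: a small C model of the mechanism the abstract describes, with one shadow table per execution environment, a check that refuses any mapping onto another environment's private page, and a switch that activates the new environment's table. All names (`vmm_map`, `vmm_make_private`, `vmm_switch`, `vmm_translate`), the table sizes, and the choice to revoke existing foreign mappings when a page becomes private are assumptions made for the example.

```c
#include <stdbool.h>
#define NUM_ENVS   2    /* constructed sizes for the model */
#define NUM_VPAGES 4
#define NUM_PPAGES 8
#define UNMAPPED   (-1)
#define SHARED     (-1) /* owner value: page is private to no environment */
static int page_owner[NUM_PPAGES];        /* owning env per physical page, or SHARED */
static int shadow[NUM_ENVS][NUM_VPAGES];  /* one shadow table per env: vpage -> ppage */
static int active_env;

static bool valid(int env, int ppage) {
    return env >= 0 && env < NUM_ENVS && ppage >= 0 && ppage < NUM_PPAGES;
}
void vmm_init(void) {
    for (int p = 0; p < NUM_PPAGES; p++) page_owner[p] = SHARED;
    for (int e = 0; e < NUM_ENVS; e++)
        for (int v = 0; v < NUM_VPAGES; v++) shadow[e][v] = UNMAPPED;
    active_env = 0;
}

/* Make ppage private to env and drop it from every other env's shadow table. */
bool vmm_make_private(int env, int ppage) {
    if (!valid(env, ppage)) return false;
    if (page_owner[ppage] != SHARED && page_owner[ppage] != env) return false;
    for (int e = 0; e < NUM_ENVS; e++)
        for (int v = 0; v < NUM_VPAGES; v++)
            if (e != env && shadow[e][v] == ppage) shadow[e][v] = UNMAPPED;
    page_owner[ppage] = env;
    return true;
}

/* Install a shadow mapping only if it keeps the isolation invariant. */
bool vmm_map(int env, int vpage, int ppage) {
    if (!valid(env, ppage) || vpage < 0 || vpage >= NUM_VPAGES) return false;
    if (page_owner[ppage] != SHARED && page_owner[ppage] != env) return false;
    shadow[env][vpage] = ppage;
    return true;
}

/* Switching environments activates that environment's shadow mappings. */
bool vmm_switch(int env) {
    if (!valid(env, 0)) return false;
    active_env = env;
    return true;
}

int vmm_translate(int vpage) {  /* always resolved through the active table */
    return (vpage >= 0 && vpage < NUM_VPAGES) ? shadow[active_env][vpage] : UNMAPPED;
}
```

Because translation only ever consults the active environment's table, the isolation property reduces to the two ownership checks in `vmm_map` and `vmm_make_private`.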

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.